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1. Introduction 

We consider two standard pseudorandom number generators from number 
theory: the linear congruential generator and the power generator. For the 
former, we are given integers e,b,n (with e, n > 1) and a seed u = uq, and 
we compute the sequence 

Ui+i = eui + b (mod n). 

This sequence was first considered as a pseudorandom number generator by 
D. H. Lehmer. For the power generator we are given integers e,n > 1 and 
a seed u = uq > 1, and we compute the sequence 

u i+ i = u\ (mod n) 

so that Ui = u el (mod n). A popular case is e = 2, which is called the 
Blum-Blum-Shub (BBS) generator. 

Both of these generators are periodic sequences, and it is of interest to 
compute the periods. To be useful, a pseudorandom number generator 
should have a long period. In this paper we consider the problem of the 
period statistically as n varies, either over all integers, or over certain subsets 
of the integers that are used in practice, namely the set of primes and the 
set of "RSA moduli," that is, numbers which are the product of two primes 
of the same magnitude. 

If (e, n) = 1, then the sequence e % (mod n) is purely periodic and its 
period is the least positive integer k with e k = 1 (mod n). We denote this 
order as ord(e, n). If (e, n) > 1, the sequence e % (mod n) is still (ultimately) 
periodic, with the period given by ord(e, 7i( e )) where ri( e ) is the largest divisor 
of n that is coprime to e. (The aperiodic lead-in to such a sequence has 
length bounded by the binary logarithm of n.) In this paper we shall denote 
ord(e,n( e )) by ord*(e,n). The periods of both the linear congruential and 
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power generators may be described in terms of this function. For the linear 
congruential generator we have Ui = e l (u + b(e — — b(e — (mod n) 
when e — 1 is coprime to n, so that if we additionally have u + b(e — 
coprime to n, the period is exactly ovd*(e,n). In general, the period is 
always a divisor of ord (e, n)(e— 1, n). 

For the power generator, the period is exactly ord (e,ord (u,n)). We 
shall assume that u is chosen so that ord (u, n) is as large as possible for 
a given modulus n. 1 This maximum is denoted A(n), following Carmichael. 
First described by Gauss, A(n) is the order of the largest cyclic subgroup 
of (Z/nZ) x . It satisfies A([a, £>]) = [A(a),A(6)], where [ , ] denotes the least 
common multiple. Further, for a prime power p a we have X(p a ) = 4>{p a ) = 
(p — l)p a ~ l , except when p = 2, a > 3 in which case A (2 a ) = 2 a ~ 2 . For the 
power generator, we thus will study ord (e, A(n)). Note that it is especially 
important to use the function ord* rather than ord when considering the 
modulus A(n), since for n > 2, A(n) is always even, and in general, A(n) 
is divisible by the fixed number e for a set of numbers n of asymptotic 
density 1. 

We begin by reviewing some of the literature on statistical properties 
of ord (e,n). In (TB] Pappalardi showed that there exist a, 5 > such that 
ord(e,p) > p l l 2 exp((logp) 5 ) for all but 0{xj log 1+Q x) primes p < x. He also 
asserted, assuming the Generalized Riemann Hypothesis 2 (GRH), that if 
i/j(x) is any increasing function tending to infinity as x tends to infinity, then 
ord(e,p) > p/i/j(p) for all but 0(ir(x) \og(ip(x))/ip(\/x)) primesp < x, where 
as usual, ir(x) is the total number of all primes p < x. (Although stated 
for any unbounded monotone function ip(x), it appears that the proof only 
supports the case when ip(x) is increasing rather slowly. A similar result with 
ijj(x) < (loga;) 1_€ is proved in the first author's paper jllj. In Theoreml2*3lwe 
obtain a small, yet for our purposes crucial, strengthening of this result.) In 
Erdos and Murty showed that if e(x) is any decreasing function tending 
to zero as x tends to infinity, then ord(e,p) > p l / 2+e ^ for all but o(ir(x)) 
primes p < x, and in ^U] Indlekofer and Timofeev gave a similar lower bound 
with an explicit estimate on the number of exceptional primes. Further, 
it follows immediately from work of Goldfeld, Fouvry, and Baker-Harman 
that there is a positive constant 7 such that ord(e,p) > p 1 / 2+7 for a positive 
proportion of the primes p. 

The period of the power generator u £l (mod pi) was studied in Friedlander, 
Pomerance and Shparlinski jjj, where p, I are primes of the same magnitude. 



At the end of the paper we briefly consider the general case where this assumption is 
not made. 

2 More precisely, that the Riemann hypothesis holds for L-functions associated with 
certain Kummer extensions 
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One of the results there is that this period is > {pi) 1 " 6 for most choices of 
u,e,p,l. However, once the exponent e is fixed, say at 2, the results of [7] 
are noticeably weaker. 

As for ord(e, n) for n a positive integer, in ^21 Kurlberg and Rudnick 
proved that there exists 5 > such that ord(e,n) ^> n 1//2 exp((logn) <5 )) 
for all but o(x) integers n < x that are coprime to e. Further, in [TT] . 
Kurlberg showed that the GRH implies that for each e > 0, we have 
ord(e, n) ^> n 1_e for all but o(x) integers n < x that are coprime to n, 
and in |I3j Li and Pomerance improved the lower bound to ord(e, n) > 
n (\ ogn )-(i+°M)i°g^°g™^ a result that is best possible. 

To complement these theorems we give some new results on ord(e, n) and 
ord*(e, n). 

Theorem 1. Results on ord*(e, n): 

(1) Suppose e{x) tends to zero arbitrarily slowly as x — > oo. Then 
ord*(e,n) > n 1 ^ 2+e ^ n ' for all but o e (x) integers n < x. 

(2) There is a positive constant ji such that ord(e,n) > n l l 2+l1 for a 
positive proportion of the integers n. 

These relatively easy results, together with the GRH-conditional results 
mentioned above, become the model for the principal results of this pa- 
per. We consider the power generator for 3 classes of moduli: primes, the 
products of two primes of the same magnitude, and general moduli. 

Theorem 2. Results on ord*(e,p— 1): 

(1) Suppose e(x) tends to zero arbitrarily slowly as x — > oo. Then 
ord*(e,p — 1) > p l / 2+t( 3>} for all but o 6 ('k(x)) primes p < x. 

(2) There is a positive constant 72 such that ord*(e,p — 1) > p 1 / 2 ^ 2 for 
a positive proportion of the primes p. 

(3) ( GRH) For each fixed e > we have ord (e,p— 1) > p l ~ e for all but 
o e (ir(x)) primes p < x. 

Consider moduli pi where p, I are primes with p,l < Q (where Q is an 
arbitrary bound). Using our results on ord*(e,p — 1), we can prove the 
following theorem. 

Theorem 3. Results on ord*(e, X(pl)): 

(1) Suppose e(x) tends to zero arbitrarily slowly as x — > 00. Then 
ord (e,X(pl)) > (pl) 1 ' 2+e<J>1 ' for all but o e (n(Q) 2 ) pairs of primes 
p,l<Q. 

(2) There is a positive constant 73 such that for a positive proportion of 
the pairs of primes p,l < Q, we have ord*(e, \(pl)) > (pl) l l 2+yi . 

(3) (GRH) For each fixed e > we have ord (e, X(pl)) > (pl) 1 ~ t for all 
but o e {n{Q) 2 ) pairs of primes p,l <Q. 
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Instead of considering specifically RSA moduli n = pi, one may consider 
the general case where no restriction is made on the modulus n. As we 
have seen, the length of the period for the sequence (m) is bounded by 
ord (e, A(n)). In our last theorem we establish similar results as above for 
this order. 

Theorem 4. Results on ord*(e, A(n)): 

(1) Suppose e(x) tends to zero arbitrarily slowly as x — > oo. Then 
ord*(e, A(n)) > n l / 2+e ^ for all but o € (x) integers n < x. 

(2) There is a positive constant 74 such that ord*(e, A(n)) > n 1 ^ 2+/yi for 
a positive proportion of the integers n. 

(3) (GRH) For each fixed e > we have ord (e, A(n)) > n l ~ e for all but 
o e (x) integers n < x. 

We actually achieve a best-possible result in part 3 of Theorem HJ showing 
that, on assumption of the GRH, that 

ord*(e, n) = n ■ exp (— (1 + o(l))(loglogn) 2 logloglogrz) 

as n — > 00 through a set of asymptotic density 1. 

Acknowledgement. We would like to thank Igor Shparlinski for several 
helpful conversations. 



2. Preliminary ideas 
In this section we present an argument that shows that ord*(e,n) > 

n l/2+e(n) on a 

set of asymptotic density 1; that is, we prove the first item in 
Theorem n This argument will then be a model for the analogous item in 
each of Theorems 121 El IH 

We begin with a useful lemma. The proof appeared in [T21, section 5.1, 
but for completeness we give a somewhat shorter argument here. 

Lemma 5. For any natural number n we have 

ord*(e,n) > ^ - TTord*(e,p) = ^ - TT ord(e,p). 
n - LJ - n - LJ - 

p\n p\n, p\e 

Proof. The equality is trivial. For the inequality, note that for positive 
integers a«, bi we have 

lcm{ai&i, . . . , a k b k } \ b ± ■ ■ ■ b k ■ lcm{ai, . . . , a k }, 

as each divides bi---b k ■ lcm{a 1; . . . , a k }. We apply this with the 
Oj's being the various ord (e,p) for p\n and the corresponding b^s being 
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A(p /3 )/ord*(e,p), where p^||n. Then lcm{ai&i, . . . , = A(n). Further, 

ord*(e, n) is divisible by lcm{ai, . . . , a k }, so that 

A(n) ord*(e,n) -r-r Afj^ 3 ) ^ ord*(e,n) 
n n llord*(e,p) ~ n p |n ord *( e 'P)' 

□ 

Suppose V is a subset of the prime numbers. We let ir-p(x) denote the 
number of primes p < x with p G V. For a positive integer n we let Ti-p 
denote the largest divisor of n that is free of prime factors outside of V. 

Let e be an integer with e > 1. Let e(x) be an arbitrary monotonic 
function with 

(1) e{x) = o(l), e(x) > 1/ log log a;, e(x 1/loglog:c ) < 2e(x), 

where the last two conditions hold for x sufficiently large. We now partition 
the primes into 3 sets: 

ord*(e,p) < p 1 ^ 2 / \ogp} 
p 1/2 /\ogp < ord(e,p) < p 1 /^ 2 ^)} 
ord(e,p) > pVa+^W}, 



£ = {p prime 
•M = {p prime 
7i = {p prime 



where we use the mnemonic low, medium, high for C,Ad,TC. Note that £ 
contains the prime factors of e. 

Let u(n) denote the number of prime number divisors of n. 

Lemma 6. We have tcc(x) = 0(x/log 3 x) so that Y^ p ec^/P = ^(-0- ^ n 
addition, we have 

(2) y, \ = ri( i - vp) _i = o(i) 

n c =n peC 

and 

(3) 1 < x/log 3 x. 

n£=n, ?i<ie 

Proof. To see the first assertion, let y = x 1//2 /logx and note that if p E C 
and p < x, then ord (e,p) < y. That is, p divides e or some e J — 1 with 
1 < j < 2/- Using the estimate u(m) <C logm/ log log m, we have 

vr £ (x) < uj e JJ (e j - 1) J < y 2 /logy < x/ log 3 x. 

The result about ^ p6;C 1/p then follows by partial summation, and (j2J fol- 
lows trivially as a consequence. 
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We now prove (|3J). Let Lk(x) denote the number of integers n < x with 
n = ric and uj(n) = k. We show by induction that there is a positive 
constant c such that 

(4) L k (x) < c ^|8V^^| , 

from which (jH)) directly follows by summing on k getting 



£ 1 < c 

ri£=n, n<x 




To see (jH) note that we have already verified it in the case k = 1. Assume 
it is true at k. Since no number can have two coprime prime-power divisors 
bigger than the squareroot, we have 

L k+ i(x) < ~ L ^/P a ) 

pec, p a <x 1 / 2 




This completes the proof of the lemma. □ 

Note that © is all we shall need in this section, but we need the stronger 
result © for our later results. 

For a positive integer n, let j(n) denote the largest squarefree divisor of 
n, sometimes called the "core" of n. 

Lemma 7. But for a set of natural numbers n of asymptotic density we 
have 

nc < log n 
n/j(n) < logn 
u>(n) < 2 log logn. 

Proof. The first assertion follows directly from (j2J). The assertion about 
n/'~f(n) follows from the fact that the number of n < x with n/'~f(n) > T 
is 0(x/VT). Indeed, if u = n/^{n), then wy(u)\n and w~j{u) is squareful 
(divisible by the square of each of its prime factors). The assertion then 
follows from partial summation and the fact that the number of squareful 
numbers up to x is 0(y/x). The final assertion about ui{n) follows from the 
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theorem of Hardy and Ramanujan that the normal number of prime factors 
of n is log log n. □ 

One question of interest is how large can we expect to be for most 
numbers n. Since most numbers do not have a divisor very near their square 
root, there is hope that this ingredient can be used. Erdos and Murty used 
this idea to show that ~km{. x ) — o(ir(x)) and Pappalardi and Indlekofer- 
Katai got more quantitative versions of this result. We state a consequence 
from the latter paper. 

Lemma 8 ([10], Cor. 6). With e(x) as specified in (0), we have vr^(a;) = 
0(e(xy/ 12 7i(x)). 

We now show that as a consequence of Lemma |H1 not many integers n 
have a large divisor composed of primes from A4. Let A denote the von 
Mangoldt function. 

Lemma 9. With e(x) as specified in the number of integers n < x with 
km > ^ 1//3 is 0(e(x) l / l2 x). 

Proof. We have 



d. 



V-^ logp 

< x 2__, \- 0(x) 



n<x n<x d\n d M =d p&M 

d M =d d<x p<x 

Now, using Lemma El and ((H), 

^ hgp logx riogt-1 

> = vr A1 (x)+ / - 7r M (t)dt 

J) X job 

P eM, p<x y J 2 

rx e ( t )l/12 

< / ^ dt + o(l) 

J2 * 

[) dt+ / ^ dt + o(l) 



< loga; +e(x) 1/12 logx < e(a;) 1/12 logx. 
log log a; 



Thus, 



^logn» <C e(x)^ 12 xlogx, 

so that the result follows readily. □ 

Lemma 10. For x sufficiently large, the number of integers n < x with 
A(n) < nexp(— (loglogn) 3 ) is at most x/(logx) 10 . 

This result follows from Theorem 5 of jjj. 

We are now ready to prove the first part of Theorem 
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Theorem 11. Suppose e(n) satisfies (JTJ). But for a set of integers n of 
asymptotic density we have 

ord*(e,n) > n 1/2+e(n) . 

Proof. By Lemma ITU1 we may assume that A(n) > nexp(— (log logra) 3 ). 
Thus, from Lemma Eland Lemma [7| we have 

ord*(e, n) > exp(— (log log n) 3 ) J J ord(e, n) 

p\n/n c 

> exp(-(loglogn) 3 ) Y[(p 1/2 /\ogp) ^[ p 1/2+2e(p) 

p\n M p\n n 

> exp(-(loglogn) 3 - u(n) loglogn)7(n_ M ) 1/2 7(n w ) 1/2+2e(ri) 

> exp(— 2(loglogn) 3 )n 1//2 n 2 ^ ri \ 

By Lemmas [7| and 01 we may also assume that n-^ > n 3 ^ 5 . Thus, our result 
follows from □ 

3. The 1/2 + e results 

We now consider analogs of Theorem m certain interesting cases. Say 
an infinite subset S of the natural numbers has property P "almost always" 
if _ 

2_j 1 ~ /J 1 as x — > oo. 

s£iS, s<x s£S, s<x 

s has property P 

In this section P will be the property that ord (e, A(n)) > nV2+e(r^ That 
is, for e(x) satisfying (JTJ), 

n has property P e : ord*(e, \ {n)) > n l l 2+e ^ n \ 

Our goal of this section is to prove the following theorem, which comprises 
the union of the first items of Theorems 121 El and 0J 

Theorem 12. If e(x) satisfies (Q) then the following sets have property P e 
almost always: the set of prime numbers, the set of integers n = pi where 
p, I are primes with p < I < 2p, and the set of all natural numbers. 

We will need the following form of the Brun-Titchmarsh inequality (see 
[S], Theorem 3.8): 

Lemma 13. Suppose k,l are coprime integers with k > and let 7c(x,k,l) 
be the number of primes p < x such that p = I (mod k). Then tt(x, k, I) 

— — — - — — uniformly for x > k. 
<p{k) log(x/ k) 

We begin with an analog of Lemma for shifted primes. 
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Lemma 14. But for a set of prime numbers p of relative density within 
the set of all primes, we have 

(p - l) c < logp 

(p-l)/7(p-l) < lo SP 

u(p—l) < 2 log log p 

Proof. Using © we have that 

1 

// log 2 T' 



n=ri£, n>T 



Thus, by a trivial argument we may assume that (p—l)c < p 1 ^ 2 ■ The Brun- 
Titchmarsh inequality and (J3J) allow one to handle the remaining cases where 
(p — l)c is between logp and p 1 ! 2 as follows. It suffices to show that 

ir(x,n,l) = o(ir(x)), 



but the sum is <C ir(x) Y^ n >-iogx n=n c V0( n )- Using the well-known esti- 
mate l/<p(n) <C (log log n)/ri, we have our result from (jSJ). The argument 
for (p — l)/7(j? — 1) is similar, namely that a trivial argument is used when 
(p — l)/7(p — 1) is large and the Brun-Titchmarsh inequality when it is 
small. The final assertion follows from the main result of [3] that the nor- 
mal number of prime factors of p — 1 is log log p. □ 

We now turn our attention to an analog of Lemma M f° r shifted primes. 
Lemma 15. With e(x) as specified in the number of primes p < x with 

(p - 1) M > p 1 / 3 IS 0(t(x) l ' 2A Tl(x)). 

Proof. Using Brun's or Selberg's sieve (see [EJ, Theorem 2.4 or Theorem 3.12) 
we have that the number of primes p < x with p — 1 divisible by a prime 
q > x ( ' is 

^ ^ log x ' , 0(a) 

aq+l prime 

where we have used the well-known result that J2 a <r l/<K a ) ~ clogT for 
an appropriate constant c. Thus, we may assume that p — 1 has no prime 
factor larger than x 1_e( ' :r - )1/24 . Trivially we may also assume that p — 1 has 
no prime-power factor this large as well. Letting denoting a sum over 
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primes with these conditions, we have 

E'mp-i)^ = E' E A ( rf ) 

p<x p<x d\p— 1 

= E A(d)7r(a;, d, 1) 

d<x 1 - e W 1/24 



<<C A( ^(d)log(s/d) 

d<il-'W 1/24 

" A(rf) rf e (x) 1 /24 logx ' 

d<xl-«W 1/M 

the penultimate estimate coming from the Brun-Titchmarsh inequality. Us- 
ing the first two displays in the proof of Lemma El we have 

A(d) 
d 



E ^ « ^) 1/12 log*, 



l ' 2A x. 



d<x 

so that with the above estimate, we get that 

E'Mp-i)*! < <xY' 

p<x 

The lemma follows readily. □ 

The proof of Theorem^Jfor the set of prime numbers now follows directly 
from the proof of Theorem ^2 where we replace Lemmas [7| and with Lem- 
mas and E3 respectively. Note that we may continue to use Lemma El 
since the estimate for the exceptional set in that lemma is o(tt(x)). 

We next turn our attention to the set of numbers pi where p, I are primes 
with p < I < 2p. Proving Theorem E3 for this set is equivalent to showing 
that 

(5) ord*(e,A(p/)) > Q 1+e{Q) 

for all but o(tt(Q) 2 ) pairs of primes p,l < Q. 

We have from [7j, Theorem 6, the following result in analogy to LemmafTUl 
But for o(it(Q) 2 ) pairs of primes p, I < Q we have 

(6) A(A(pO) > pVexp(2(loglogQ) 3 ). 
Note that 

A([o,6]) 



(7) ord (e, [a, b)) > ord (e, a) ord (e,b) 



A(a)A(6)' 



PERIOD OF THE LINEAR CONGRUENTIAL AND POWER GENERATORS 11 

Indeed, letting A = ord*(e, a), B = ord*(e, b) we have 
ord (e,[a,6]) = [A, B] = > 



(A,B) ~ (A(a),A(6))' 

so that using A([a,6]) = [A(a),A(6)], © follows. We Apply (J7J) with a = 
p — 1, b — I — 1, where p, / are distinct primes. As A([p — 1, Z — 1]) = A(A(p/)), 
we get 

(8) ord*(e,A(pZ)) > ord*(e,p - 1) ord*(e, Z - 1) A(A( f Z)) . 

pi 

So, to show ©, we assume that © holds and we apply (JBJ). The result 
follows from the fact that the set of primes has property P e almost always. 
(To be perfectly precise, we use that the set of primes has property P 2e 
almost always.) 

The third class of numbers in Theorem EH namely, the set of all numbers 
n, is more difficult. We begin with a new result: 

Theorem 16 (Martin-Pomerance [Tlj). As n — > oo through a certain set 
of integers of asymptotic density 1, we have 

A(A(n)) = n ■ exp(— (1 + o(l)) (log logn) 2 log log log n) 

Thus, A(A(n)) > n/ exp((loglogn) 3 ) almost always. 

We now give the analog result to Lemmas [7| and [Til 

Lemma 17. We have 

\{n) c < exp( (log logn) 2 ) 
A(n)/7(A(n)) < logn 

Lo(\(n)) < (log logn) 2 

almost always. 
Proof. We have 

^logA(n) £ < J2 S l °ZP a ^ J2 l °ZP a S L 

n<x n<x p a \\\(n) p a <x n<x 

pec peC P a \Hn) 

If a prime power p a divides A(n) it must be the case that either n is divisible 
by some prime q = 1 (mod p a ) or p a+1 |n. As 



1 log log x + O (log d) 



q < x 9 ^ 

g prime 
5=1 (mod a!) 
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uniformly for all integers d > 2 (see ^7], Theorem 1 and Remark 1, or 
Norton |15j). we have 

x sr^ x a; log log a; /a;logp a 



y^ i < | y^ _ - xiu & iu & x | q 

h ~ i'" • : s ? 0b a ) r v y 

p a |A(n) g prime 

g=l (mod p a ) 



a 



Hence 



a\2 



V^i \ / \ „ i i logp a (l0gp 

^logA(n) £ < a; log log — — + ^ " ^ 

n<x p a <x p a <x 

<C x log log x, 

the last inequality coming from the estimate for 7Tc(x) in Lemma El Thus 
we immediately get the first assertion in the lemma. 

For the second assertion note that from (6) and (7) in jH] we have 

log(A(n)/7(A(n))) <C log log xj log log log x 

for all but o(x) choices of n < x. Thus we have the second assertion. 

The third assertion follows from the fact that the normal order of u(X(n)) 
is i(loglogn) 2 , see jS]. □ 

Now we give the analog result to Lemmas El and ITol 

Lemma 18. Let e(x) satisfy Almost all numbers n have the property 
that X(n) M < n 2 / 5 . 

Proof. Let 

M' = {p prime : (p — 1) M > p 1 ^ 3 }. 

Lemma CHI tells us that 7i»'(x) <C e(x) 1//24 7r(x). We apply the proof of 
Lemma El with Ai replaced by A4' and with e(x) 1 / 12 replaced by e(x) 1 / 24 . 
Thus, by the final display of Lemma 01 we have that 

^^logn^/ <C e(x) 1 ^ 24 xlogx. 

n<x 

We thus get that um' < n 1 / 12 almost always. Assume that n has this 
property. By Lemma we may also assume that n/^{n) < n 1 / 90 . Thus, 

X(n) M < (n/ 7 (n))A( 7 (n)) A , < n 1 ' 90 ]J(p - l) M 

p\n 

= n 1 / 90 J] (p-l) M II (P~ l )M 

P\n M i p\n/n M , 

< n^inM'Mn/nM,) 1 / 3 < n 1 ' 90 n% 3 , n 1/3 < n 2 / 5 . 
This completes the proof of the lemma. □ 
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We are in a position now to complete the proof of Theorem El As- 
sume that n satisfies the properties in Theorem El and Lemmas El El By 
Lemma fTUl we may also assume that X(n) > nexp(— (loglogn) 3 ). Thus, 
-M n )« > n3 ^ 5 / exp(2(loglogn) 3 ). Using Lemma and assuming that n is 
large, we have 

ord*(e, A(n)) > 
> 

> 
> 
> 
> 

This completes the proof of Theorem El 

4. The 1/2 + c results 

The spirit of Theorems ^2 and El concerns the best that can be said 
for almost all cases. In this section we relax the "almost all" to "a positive 
proportion" and so prove somewhat stronger results. One could relax further 
to "infinitely often," but then it occurs that quite cheap results can be had. 
For example, if p is a prime that does not divide e, then ord(e,p J ) = p>~°( l \ 
so that ord(e, n) ^> n infinitely often. 

We begin with the case of ord(e,p) for p prime. As mentioned in the 
Introduction, one way of getting a fairly decent result here is to have a very 
large prime factor of p — 1 as afforded by a series of papers culminating in 
the recent paper 0. 

Lemma 19 (Baker-Harman). For a positive proportion of the primes p, 
there is a prime q\p — 1 with q > p - 677 . 

Note that this result follows from (7.1) in [2|. 

We use this result to immediately get the following: 

Lemma 20. We have ord(e,p) > p - 677 for a positive proportion of the 
primes p. 

Proof. Among the primes p for which p— 1 is divisible by a prime q > p°- 677 ; 
consider those for which ord(e,p) is not divisible by q. Then if p < x, 
we have ord(e,p) < x ' 323 . As in the argument for ttc(x) in the proof of 
Lemma [3 the number of such primes is 0(x°' 646 / logx) = o(tt(x)). Thus, 



A(A(n)) 
A(n) 



U ° rd *( e >p) 



p|A(n) 

exp(-(loglogn) 3 ) Y[ (p 1/2 /\ogp) J] p 1 I 2+2 <p) 

p\\(n) M p|A(n) H 

exp(-2(loglogn) 3 ) 7 (A(n) A4 ) 1 / 2 7(A(n) w ) 1 / 2+2 ^") 
exp ( - 3 (log log n) 3 ) A (n) 1/2 A (n) 2e {n) 
exp ( — 4 (log log n) 3 ) n 



3\_l/2+(6/5)e(n) 



n 



l/2+e(n) 
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only a negligible number of primes which satisfy the previous lemma do not 
satisfy the present lemma. □ 

Our basic strategy in this section to make ord*(e,m) large, is to manage 
to place in m a large prime p for which ord(e,p) is large, and then use the 
ideas of the previous sections to show that the remainder of m cannot do 
too much damage most of the time. For ord (e, n) the idea is especially 
transparent. 

Theorem 21. We have ord*(e,n) > n 0S77 for a positive proportion of in- 
tegers n. 

Proof. The only subtlety here is that we need to extend Lemma IT9l slightly. 
By the Brun-Titchmarsh inequality, the proportion of primes p with a prime 
factor q of p — 1 in the interval [p - 677 ^ - 67 ^ 26 ] j s 0(e). So if e is small 
enough compared to the positive proportion produced in Lemma EE then 
there must be a positive proportion left over with q > p°- 677+2e . And, for 
all but a negligible proportion of these numbers, as in Lemma I2UJ we have 
ord(e,p) > p°- 677 + 2e . Now consider for such primes p, integers of the form 
ap < x, where a < x € . For such primes p < x the number of integers a 
that may be taken is ^> x/p, and letting p run from x 1 ~ e to x there is never 
any double counting of any ap. Thus, the number of such numbers ap is 
3> ^2 x/p 3> x. Further, 

ord*(e,aj9) > ord(e,p) > p a677 + 2t > (ap) 0S77 . 

This completes the proof of the theorem. □ 

We say n has property P c if ord*(e, A(n)) > n l / 2+c . In the rest of this 
section we take c = 0.092. 

Theorem 22. Positive proportions of the set of primes and the set of all 
natural numbers have property P c . Further, there are ^> n{Q) 2 pairs of 
primes p,l < Q such that pi has property P c . 

Proof. We begin with the case of primes, from which the other two cases 
will follow easily. We actually show a slightly stronger result: there is some 
5 > such that a positive proportion of the primes have property P c+ $. Let 
V be the set of primes q for which ord(e, q) > g - 677 . Lemma QUI tells us that 
this set of primes comprises a positive proportion of all primes. Consider 
primes p < x where q\p — 1 for some q G V and with x°' 52 ~ e < q < x ' 52 . 
Here, e > is arbitrarily small but fixed. It follows from pQ, Theorem 
1, that a positive proportion of primes p are so represent able. Further, it 
follows from Lemma ITU that by neglecting only a relative density of such 
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primes p, we have 

Ord*(e,p-l) > ( p / g )l/2-o(l) ? 0.677 = p l/2- O (l) g 0.177+ O (l) 
> l/2+(0.52-e)(0.177)-o(l) i 

As (0.52)(0.177) > c, if e is taken small enough, we have (0.52 - e) (0.177) > 
c + 5 for some fixed 5 > 0. Thus, ord*(e,p— 1) > j 5 1 / 2 + c + <5 ) with this holding 
for a positive proportion of primes p. Thus, we have the theorem for the set 
of primes. 

Now consider the numbers pi, where p, I are primes with p,l < Q. We 
apply (JBJ) where p, I are primes with p,l < Q which have property P c +s- 
Assuming as we may that pi satisfies (JHJ), we have 

ord*(e,A(pZ)) > (p/) 1/2+c+5 exp(-2(loglogQ) 3 ). 
Thus, there are 3> tt{Q) 2 pairs of primes p,l < Q for which pi has property 

Pc 

We now consider the set of all positive integers. Consider the integers 
n = ap where a < p 5 ^ 2 , where p is a prime with property P c +«5. By the 
first part of the proof, these numbers n comprise a positive proportion of 
all numbers n. Further, for such a number n we have 

ord*(e,A(n)) > ord*(e,p-l) > p 1/2+c+s > (ap) 1/2+c = n 1/2+c . 

Thus, n has property P c . This completes the proof of the theorem. 

□ 



5. The 1 - e results 



In this section we improve the 1/2 + e results to 1 — e, but we assume 
the Generalized Riemann Hypothesis (GRH). We begin with the following 
slight strengthening of Theorem 2 of [IT]: 

Theorem 23. Let e > 2 be an integer. If the GRH is true, then for x, y 
with 1 < y < logx, 



p < x : ord(e,p) < 



ir(x) x log logx 



y 



log X 



where the implied constant depends at most on the choice of e. 

Proof. Since the proof is rather similar to the proof of the main theorem in 
and the proof of Theorem 2 in JTJ, we only give a brief outline. With 



(p — 1)/ ord(e,p), we see that ord(e,p) < p/y implies that i p > y/2. 



First step: We first consider primes p such that i p e ((a; logx 



1/2 



X 



As 



in the first part of the proof of Lemma the number of such primes is 
Oixj log 2 x). 
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Second step: Consider primes p such that q\i p for some prime q in the 
interval [ xl { 2 , (xlogx) 1 ^ 2 ]. We may bound this by considering primes p < x 

log X 

such that p = 1 (mod q) for some prime q G [ x 3 - , (xlogx) 1 ^ 2 ]. The Brun- 

log 35 

Titchmarsh inequality then gives that the number of such primes p is at 
most 

Ex x 1 % log log X 
<C > - -C — - — . 
(j)(q)\og(x/q) ~ \ogx J-^ q ~ log 2 x 

L log° x v y J L log° z v y J 

Third step: Now consider primes p such that for some prime g in the 
interval [y, ^3 J ■ In this range the GRH gives useful bounds; by (28) in 
or Corollary 6 and Lemma 9 of ^Tj, we have 

\{p < x : q \ i p }\ < ^- + 0(x 1/2 log(xg 2 )). 

Summing over q, we find that the number of such p is bounded by 

'*( x ) , n/J/2,„ „/ „2^ ^ 7r(x) x 



£ (^ + o ( ^iog(^))) « + 



T 1 / 2 



log 2 X 



Fourth step: For the remaining primes p, any prime divisor q\i p is smaller 
than y. Hence i p must be divisible by some integer d in the interval [y/2, y 2 }. 
The analog of (28) in jU] for not-necessarily-squarefree integers, or more 
directly, Corollary 6 and Lemma 9 of [TT], gives 

(9) \{p<x:d\i p }\ « ^ + 0(x 1 / 2 log(xrf 2 )). 

Hence the total number of such p is bounded by 

tt(x) 



where the last estimate follows from the well-known result Y2 a <T l/0( a ) = 
clogT + 0(1) (for an appropriate constant c) and partial summation. □ 

Remark. It follows easily from (JJJJ) that for 1 < y < a; 1 / 4 / log a; and assuming 
the GRH, we have 

ir(x) 



p < x 



: p 1 ^ 2 ?/^ 2 ^ < ord(e,p) < - > 

y) 



y 



Let <5(x) = ^/log \ogx] \ogx. By a slight abuse of notation, say an integer 
n has property Pi_<5 if ord*(e, A(n)) > n 1 ~ <5 ( n ). Theorem |2"31 is our principal 
tool in the proof of the following result. 
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Theorem 24. Assume the GRH holds. The set of primes and the set of 

integers pi with p, I prime and p < I < 2p have property Pis almost always. 

Proof. Let 

W = {p prime : ord (e,p) < p/logp}, 
where we use the mnemonic W for weak. From Theorem E21 we have 

(10) ^w( x ) x log log x/ log 2 x . 
We now consider 

S : = ^log(p- l) w , 

p<x 

following the lines of the proof of Lemma ED We have 

(11) S = J2 A (d)<x,d,l) = ^(x,p,l)]o SP + L^A ■ 

d<x P<a; V § / 

d w =d pGW 

Using Brun's or Selberg's sieve as in the proof of Lemma E3 we have 
^ p>2 ,i_ E 7r(x,p, 1) <C ex/logx, so that the contribution to the last sum 
in (fllj) from the primes p > x l ~ e is ex. For primes p < x l ~ e we use the 
Brun-Titchmarsh inequality to get 7r(x,p, 1) x/(ep\ogx), so that using 
(fT0"j) . the contribution to the sum from these primes is -C x/(e logx). Letting 
e = l/ y/logx, we get 

(12) ^log(p-l) w < s/^og^. 

Thus, (p — l)w < p 5 ^/ 2 almost always. The proof of our theorem for the 
set of primes now follows in exactly the same way as in Theorem El 

The case for the numbers pi now also follows using © and our prior 
arguments. □ 

We now begin to examine the normal contribution to A(n) from primes 
in W. 

Lemma 25. Assuming the GRH is true, forx, T > 3, the number of integers 
n < x such that p\X(n) for p G W and p > T is 

loglogT 
< x log log x • — ■ — — . 

logT 

Proof. If p\X(n), then either p 2 \n or some prime ? = 1 (mod p) divides n. 
The number of n < x in the first case is clearly bounded by x/T. By the 
Brun-Titchmarsh inequality and partial summation, 

1 x log log x 



x 



n ^ 



q p 

q<x, q=l (modp) 
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hence the number of n < x for which the second case occurs is 

<C x/q -C x log log x 1/p 

p>T,p&A> q<x,q=l(modp) p>T,p£W 

which, since vr>v(x) <C x log log xj log 2 x, is 

loglogT 
< x log log a; • — — — 
logT 

by partial summation. □ 

We now prove that for most integers n, A(n)w is fairly small in the fol- 
lowing sense: 

Lemma 26. Let f{n) = J2 p \\( n ) p gw^°SP- Assuming the GRH is true, for 
almost all integers n, we have 

f(n) < (log log nf. 

Proof. Take T = exp ((log log a:) 2 ) in Lemma 1251 Then the number of n < x 
for which some p G W, p > T divides A(n) is o(x). Letting denote a 
sum over n for which no p G W, p > T divides A(n), we obtain as before 
that 

n<x p<T,p£W n<x 

p\X(n) 

^ logp ^ logp 

p<T,p€W " p<T,pGW ^ 

Since tcw(x) <C x log log xj log 2 x, partial summation gives that 

<C (loglogT) 2 (log log log x) 2 

Hence 



p<T,pGW ^ 



yj ^ x log log x (log log log x) 2 . 

Thus, the average order of f{n), after removing those integers n where 
A(n) is divisible by some p G W, p > T, is loglogn(logloglogn) 2 . We 
conclude that f(n) < (log log n) 2 holds for almost all n. □ 

We are now ready to prove a result for ord*(e, A(n)) on the assumption 
of the GRH. 

Theorem 27. If the GRH is true, then for each fixed integer e > 2, 
ord*(e, A(n)) = n ■ exp(— (1 + o(l)) (log log n) 2 log log log n) 
as n — > oo through a set of asymptotic density 1. 
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Proof. We shall show that if the GRH is true, then 

(13) ord*(e, A(n)) > A(A(n)) exp (— 3 (log log n) 2 (log log log log n) 2 ) 

for almost all n. The theorem will then follow from the trivial inequality 
ord*(e, A(n)) < A(A(n)) and Theorem [TBI By Lemma !2o1 we may assume 
that f{n) < (log log n) 2 . Let 

Wi = {p prime : pj log p < ord*(e,p) < p/(loglogp • log log log p) } , 

so that by Theorem 031 we have 7r Wl (x) <C it (x)/ (log log x Tog log log x). Let 
9(n) = E p |A( w ), peWl L Then 

£*(») = E E 1 

p<x,p£Wi n<x,p\X(n) 



< x E ^ + ^ log log X - 

p<x,p£Wi ^ p<x,p&Vi ^ 

<C x log log x ■ log log log log X, 



the last estimate coming from partial summation and our inequality for 
ty Wl (x). Thus, for almost all n, g(n) < log log n (log log log log n) 2 . 
Also, let 

^2 = {p prime : pj (log log p ■ log log log p) < ord*(e,p) 

< pj log log log p}, 

so that by Theorem 031 we have tt^^x) <C 7r(x)/logloglogx. We let h(n) = 
T.p\x(n), P ew 2 L As in tne calculation for g(n), we get 

yj/i(n) <C x(loglogx) 2 / log log log x, 

so that for almost all n we have 

< (log log n) 2 log log log log nj log log log n. 

Now assume that f(n),g(n), h{n) are bounded as above, and assume that 
the inequalities in Lemma IT7I hold. We have by Lemma 

(14) ord*(e,AH) > ft ord*(e, P ) > 



20 
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A : 
B : 
C : 



n 

p|A(n) Wl 

n 

p|A(n) W2 



P 



logp 



P 



log log p ■ log log log p 



n 



p 



Now 



where 



p|A(n)/A(n)wuW 1 uW 2 

Up\\(n)/\{n) w P 



log log log p 



ABC > 



DEF 



D 
E 
F 



: (logn) 9(n) , 

(log log n • log log log n) h< ^ , 
: (logloglognf (A(n)) . 

By our assumptions on n, and taking n sufficiently large, we have 
DEF < exp(2(loglogn) 2 (loglogloglogn) 2 ). 

Further, 

7 (A(n)) ^ \(n) 



n v 

p\\{n)/\(n) w 



> 



logra ■ exp ((log log n) 2 ) 



exp(/(n)) 

Hence by our above estimates, 

ABC > X(n) exp (—3 (log log n) 2 (log log log log n) 2 ) 

for almost all n. We use this estimate in (I14J) . so that (fT3*j) and the theorem 
follow. □ 

As mentioned in the introduction, ord*(e, \ {n)) is the period of the power 
generator vf (mod n) if ord*(w,n) = A(n), that is, if ord* (u,n) is as large 
as possible. We now briefly consider the situation for a general modulus 
n when we do not make this assumption about u. We have the following 
result. 

Theorem 28. Assuming the GRH, for any fixed integers e, u > 2, the period 
of the sequence u £l (mod n) is equal to 

n ■ exp(— (1 + o(l))(loglogn) 2 log log log n) 



as n 



oo through a certain set of integers of asymptotic density 1. 
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Proof. First note the elementary inequality 

(15) for j | n we have ord*(e, n/j) > -ord*(e,n). 

3 

To see this, as before let j( e ), n,( e ) be the largest divisors of j, n respectively 
that are coprime to e, so that ord*(e,n) = ord(e, n^) and ord*(e, n/j) = 
ord(e, rif e )/jr e )). Let j( e ) = j\j 2 where j\ is the largest divisor of jc e \ that is 
coprime to n/ e )/jr e y Then 

ord(e, n (e) ) = ord(e,jij 2 ^( e )/j(e)) = [ord(e, ji), ord(e, j 2 n {e) / j {e) )}. 
Further, ord(e, j 2 n (e) /j (e) ) | j 2 • ord(e, n (e) /j (e) ), so that 

ord*(e,n) = ord(e,n (e) ) < ord(e, ji) ■ j 2 • ord(e, n( e )/j( e )) 

< j (e) • ord(e, n (e) /j (e) ) < j ■ ord*(e, n/j), 

which proves (|15|) . Recall that the period for the sequence u e% (mod n) is 
ord (e,ord (u,n)). Thus, if ord (u,n) = X(n)/j, we have by (fl3j) that the 
period is 

ord*(e, \{n)/j) > - ord*(e, \{n)). 

But, on the GRH we have ord*(w, n) > n/(logn) 21ogloglog?1 almost always; 
this follows from the proof of Cor. 2 in ^3]. Thus, we may take j < 
(log n ) 2 log log log « go the regult follows from Theorem E3 □ 
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